IT201700014359A1 - Anti-counterfeiting bar code, system and method for generating and authenticating a security based on this code - Google Patents

Description

"Anti-counterfeiting barcode, system and method for generating and authenticating a security based on this code"

TEXT OF THE DESCRIPTION

The present invention relates to a bar code, in particular of the so-called QR two-dimensional type.

QR codes are two-dimensional barcodes, i.e. matrix or 2D, which in a black and white image, composed of black modules arranged within a square-shaped scheme, can encode a large amount of information, up to 7,089 numeric characters or 4296 alphanumeric characters.

The acronym QR derives from Quick Response, by virtue of the fact that the decoding of the code by a reader device is very fast. Fig. 1 shows an example of a QR code that encodes the owner's URL http://www.aitek.it.

For more technical details relating to QRs and related generation and reading tools, please refer to the ISO / IEC 18004 standard and to the patent documents of Denso Wave Corporation such as, for example, JP2938338, JP2867904, JP3716527, JP3726395, JP3843595, JP3996520, US5726435, US5691527, US7032823 to be considered an integral part of this description.

QR codes are particularly suitable for the distribution of dematerialized access tickets and / or authorization due to the high capacity of coding information content and reading speed. The very nature of the QR code is very suitable for distribution on mobile devices such as smartphones.

The weak point of the use of QR codes in the dematerialization of securities is linked to the ease of generation of abusive copies, which forces the issuer of the security to implement centralized validation policies, capable of keeping track of the readings carried out by the validators scattered throughout the territory to detect any attempts to use illicit copies.

Fig. 2 shows a block diagram of a typical mobile terminal 1 used for reading and validating a security purchased by a user and shown as a QR to a merchant or operator of a service, for example through the display of his smartphone.

Terminal 1 comprises an antenna 101 for transmitting and receiving data from a remote unit or server for title validation, a control unit 201, a transmitter / receiver circuit 301 which interfaces the control unit 201 with the antenna 101 , a barcode reader 401 such as for example a scanner or a camera for reading QR codes, a memory 501 containing data and instructions for the operation of the control unit, a display 601 to view the user interface of the terminal and a power supply 701. The control unit 201 is programmed to decode the title contained in the QR code and validate the same by making a comparison with what is present on the remote management server through the circuit 301 and the antenna 101. If the title is not is already used, it can be validated and unmarked on the server to prevent a second use.

This procedure, although functional, is particularly laborious and, above all, involves the need for communication with a remote validation server which is not always possible. Consider, for example, a railway or metropolitan context, in particular in the underground sections, which most of the time is not able to offer reliable and robust wireless communication.

The object of the present invention is to produce a QR-type bar code, in particular two-dimensional, with anti-counterfeiting characteristics which does not require validation with remote servers.

A further purpose is to create devices capable of generating and reading said code for managing secure transactions between a managing body and a user as well as systems and methods for generating and authenticating a security based on said code.

The invention achieves its purpose with a barcode, for example of the QR type, capable of being read by a scanner or reader for decoding the information contained therein. The code includes a combination of graphic modules within a geometric shape arranged according to a defined rule in order to encode sequences of alphanumeric characters and / or graphic symbols. The information contained in the code includes a fixed part and a variable part. The variable part is coded together with the fixed part in order to alter the information content of the code according to the instant in time in which the code is generated.

The fixed part advantageously encodes the information of interest while the variable part alters said information so as to introduce in the code a dynamic key, typically variable over time with a predetermined frequency based on a defined security algorithm, which can be determined by comparing several codes generated in sequence for the same information of interest.

Thanks to this, the code takes on a unique connotation and, therefore, does not require validation with a remote server as only the owner of the original title is able to generate this dynamic code. As we will see later, in some embodiments this server can still be present to increase the security level of the transactions.

According to one aspect, the invention relates to a device for generating the aforementioned dynamic barcode. The device comprises an input for reading an information to be coded and a unit for generating a dynamic key. The key generation unit comprises, or is interfaced with, a counter or a timer in order to generate different keys at different instants of time according to a predefined algorithm, an encoding unit which transforms the information to be encoded together with the dynamic key in barcode sequences and an output for the output of the codes thus generated.

The information present in the code typically includes a sequence of fixed characters or symbols while the dynamic key includes a sequence of characters or symbols that vary over time. The output codes represent in an encoded way a string comprising the sequence of characters or symbols of the information and the characters or symbols of the key arranged in predefined positions relative to each other.

According to another aspect, the invention relates to a device for reading the dynamic barcode containing coded information. The device includes:

- a barcode reader;

- a memory for storing sequences of codes and / or strings;

- a control unit;

- an output unit to output the decoded information.

By bar code reader we mean any device equipped with sensors able to detect a distribution of areas having a different intensity of reflection of electromagnetic radiation, for example a camera, a laser sensor or the like and to generate signals related to it for its interpretation of the information content.

The control unit is configured for:

- receive sequences of codes in output from the reader;

- decode the content of each code; - storing said content as decoded in the form of strings of characters or symbols in the memory;

- comparing at least a subset of consecutive stored strings to identify the variable key on the basis of a predefined algorithm;

- extract the string containing the information - show the string containing the information at the output.

In one embodiment it is further provided for

- extract the string containing the information by eliminating the characters or symbols that make up the key as identified by at least one of the stored strings;

- show the string containing the information at the output.

As far as it is concerned, the variable key can be in the form of the key of an algorithm for encrypting the strings of information.

The invention also relates to a system for the generation and authentication of a title represented by a sequence of alphanumeric characters and / or symbols including the aforementioned devices as well as a method for the generation and authentication of said title.

According to an embodiment, the system comprises a generation terminal and a validation terminal, in which the generation terminal, typically a smartphone, a tablet, a personal computer or the like, comprises:

- means to receive the security from a managing body;

- a device to encode the title and output a sequence of dynamic codes according to the invention,

where the authentication terminal includes:

- means for receiving the code sequence from the generating terminal;

- a device for reading the codes and extracting the title according to the invention.

The invention also relates to a method for generating a dynamic barcode representing, in a coded manner, a title formed by a sequence of alphanumeric characters and / or symbols, the method comprising the following steps:

- receive a security from a managing body;

- read the sequence of characters or symbols that make up the title;

- generate a time-varying dynamic key according to a predetermined algorithm;

- generating strings comprising the sequence of the characters or symbols of the title and of the characters or symbols of the key arranged in predefined positions relative to each other;

- encode the strings in sequence of two-dimensional barcodes, such as QR or similar.

The invention also concerns a method for the authentication of a security expressed in the form of code sequences including the steps of:

- receive the code sequences;

- decode the content of each code; - storing said content as decoded in the form of strings of characters or symbols;

- comparing at least a subset of consecutive stored strings to identify the variable key present in the codes on the basis of a predefined algorithm;

- extract the string containing the title by applying the predefined algorithm with the variable key in reverse, for example to eliminate the characters or symbols that make up the key as identified by at least one of the stored strings or to decrypt the previously encrypted string with an algorithm of encryption on the basis of said variable key;

- show in output the string containing the title;

- if necessary, validate the title.

The further features and improvements are the subject of the sub-claims.

The characteristics of the invention and the advantages deriving from it will become more evident from the following detailed description of the attached figures, in which:

Fig. 1 shows an example of a QR code that represents the URL http://www.aitek.it.

Fig. 2 shows the block diagram of a QR code reading and authentication terminal according to the known art.

Fig. 3a shows an example of an alphabetic string representing a title.

Fig. 3b shows the string in the previous figure as altered by the dynamic key at 17:27:35 in an illustrative example.

Fig. 3c shows the same string of figure 3 as altered by the dynamic key at 17:27:36.

Fig. 4 shows, in tabulated form, how the strings and the corresponding QR codes appear as the time varies in the configuration of the examples of the preceding figures.

Fig. 5 shows a block diagram of a system for the generation and authentication of a security according to an embodiment of the invention comprising a generation terminal and a validation terminal.

Fig. 6 shows a block diagram of a system according to another embodiment of the invention.

Fig. 7 shows the block diagram of the generating terminal of the system of fig. 7 and 8.

Fig. 8 shows the block diagram of the validation terminal of the system of fig. 7 and 8.

The securities generation and management process according to the present invention involves the following sub-processes:

- issue of the security;

- generation of the dynamic code based on the issued security. The code is also defined below as EQR Code or Enhanced QR Code;

- validation of the EQR Code;

- validation of the title.

ISSUE OF THE TITLE

The sub-process of issuing the security is a function carried out by the managing body and is highly dependent on the offer, management and security policies that the managing body intends to adopt.

For the purposes of the present invention it is sufficient to define the title generated by the management body system as a generic string represented by a sequence of alphanumeric characters and / or symbols.

Suppose, by way of example, that the string representing the title is the one shown in fig. 3a.

The security issue system must electronically transfer the string to an App, defined by way of example as EQR-App, residing on the smartphone or notebook or tablet of the user who purchased the security.

GENERATION OF THE EQR CODE ON THE BASIS OF THE TITLE ISSUED The EQR-App that receives the string representing the title processes it according to an enforcement algorithm that produces a new string that changes over time: the new string is nothing more than the original string increased by one or more enforcement fields that constitute the true variable component of the EQR Code.

By way of example, suppose that the enforcement algorithm predicts the generation of the enforcement string as the number of seconds that have elapsed since midnight of today's day, that is a string that varies between "00000" (corresponding to 00:00:00) and " 86399 "(at 23:59:59); we also assume that the algorithm provides for the insertion of the enforcement string at offsets 1, 2, 4, 8 and 16.

At 17:27:35 the enforcement string is "62855" which is inserted according to the algorithm in the string in fig. 3a produces the string shown in FIG. 3b.

One second later the enforcement string will be “62856” which produces the string shown in fig. 3c.

A different QR code corresponds to each enforced string; in the example we would have, over time, the situation shown in fig. 4.

The EQR-App therefore produces an animated image: each frame is a QR code that persists displayed on the screen for 1 sec, by virtue of the chosen enforcement algorithm.

The enforcement algorithm can be as complex as you like, as long as it respects the time-variance characteristic (regardless of the frequency of variation) and that it is unequivocally known to EQR-App and validation devices or applications.

VALIDATION OF THE EQR CODE

The validation of the EQR Code requires the acquisition of multiple QRs. At each QR reading, the validation device must extract the enforcement string and the title string from the code. The EQR can be validated if the enforcement string changes over time according to the enforcement algorithm and the title string is always the same.

VALIDATION OF THE TITLE

The validation of the security extracted from the EQR Code as described in the previous paragraph follows the validation policies chosen by the issuer / manager of the security itself. For example, it is possible to provide a notification to the managing body, not necessarily in real time, for example via email, of the use of the code representing the security issued in order to allow the managing body to close the transaction. To increase the level of security, it is possible to communicate to the manager in real time the validation of the security as in traditional systems in order to mark the security as no longer usable. In the same way it is also possible, before proceeding with the validation, to check with the managing body the effective validity of the title, obviously if the communication between the verifier and the body is possible.

A possible use of EQR codes is related to bank cards, ie ATMs and credit cards.

EQR ATM

To withdraw money from an ATM, which we will define as an EQR type, a user must activate the generation of the EQR code on his portable device (such as a smartphone). The generation process is activated upon request for a security code, such as a PIN, to be entered on the mobile device. Also through the portable device, the user specifies the amount he wishes to withdraw. The EQR encodes the user identification data necessary for the transaction and the desired amount.

The ATM becomes a simple device for reading and verifying the EQR code, making the transaction much safer.

POS EQR

Similarly to what is described for the ATM example, the EQR code can be used to create a new credit card format.

The POS EQR is enabled from the outside (for example from a cash register) for the debit of a certain amount of money, and prepares for the reading and verification of an EQR credit card. The user activates the generation of the credit card EQR on his portable device (for example a smart-phone), after entering a security code (for example a PIN) and shows the EQR to the POS which reads and checks of the EQR credit card before proceeding with the normal security validation and financial transaction operations.

With reference to Figure 5, a system for the generation and authentication of a security according to an embodiment of the invention is now described. The part of generation 2 and authentication 3 are represented together, but it is clear that each of them can be an independent device or terminal respectively for the generation and reading of a dynamic barcode containing information encoded according to the invention. The two devices in the context of this description are also defined as generation terminal and validation terminal.

With reference to fig. 7, the generation terminal 2, typically a smartphone, a tablet, a personal computer or the like, comprises an antenna 102 for transmitting and receiving data from a remote unit or server 4 for receiving a title from a managing body, a microprocessor or microcontroller control 202, a transmitter / receiver circuit 302 which interfaces the control unit 202 with the antenna 102, a memory 402 containing data and instructions for the operation of the control unit 202, a display 502 for displaying the terminal user interface and generated QR codes, a power source such as a power supply or battery 602, a timing unit such as a timer or counter 702, a dynamic key generation unit 802 and an encoding unit of strings in QR codes 902.

The operation of the generation 2 terminal is as follows. The user purchases the title by connecting to the manager's server 4 via the GSM network or the Internet. The control unit 202 receives the string representing the title. The 802 generation unit, interfaced with the 702 timing unit, generates a dynamic key that varies over time. The same 802 generation unit or 202 control unit incorporates the dynamic key in the title string in predefined positions, generating a multiplicity of sequential strings. The coding unit 902 therefore generates a QR code for each of the strings and shows them on the display after any storage, for example in any video format, in order to be able to show the title as encoded to a verifier or to an exercise at the which the goods corresponding to the purchased title are collected.

The timing units 702, the generation of the dynamic key 802 and the coding units 902 are shown in the figure as separate for ease of understanding the teachings of the present invention, but they can be one or more hardware or software modules part of the microprocessor control unit. or interfaced, or partially interfaced, to said microprocessor unit which executes specific instructions of a program or app contained within memory 402.

In one embodiment, the control unit 202 can be configured to perform, through a routine or an app, the following steps:

reading of the string representing the title as received by the managing body;

generation of a time-varying dynamic key according to a predetermined algorithm;

generation of strings comprising the sequence of the characters or symbols of the title and of the characters or symbols of the key arranged in predefined positions relative to each other; encoding of sequential strings of two-dimensional barcodes, such as QR or similar.

Let's now see the structure of the validation terminal 3 shown in fig. 8.

The validation terminal 3, typically a smartphone, a tablet, a personal computer, a POS or the like, comprises a microprocessor or microcontroller control unit 103 a barcode reader 203, such as for example a video camera for reading multiple QR codes in sequence, a memory 303 which contains the sequences of read codes and instructions for the operation of the control unit, a display 403 to visualize the user interface of the terminal and a power source such as a power supply or a battery 503. As in the case of the generating terminal, there may be an antenna 603 and a transmission / reception circuit 703, drawn in broken lines in the figure, but these do not take part in the title validation process except in an implementation form with a security level further enhanced described below with reference to the system of fig. 6 in which an interview of the validation terminal 3 with the server 4 of the managing body is envisaged.

There may be an ad hoc decoding unit of the read code 803 or it may advantageously be the same control unit to provide for the extraction of the title from the sequence of input codes to reader 203.

In one embodiment, the control unit 103 is configured for:

- receiving sequences of codes in output from reader 203;

- decode the content of each code; - storing said content as decoded in the form of strings of characters or symbols in the memory 303;

- comparing at least a subset of consecutive stored strings to identify the variable key on the basis of a predefined algorithm; - extract the string containing the information by eliminating the characters or symbols that make up the key as identified by at least one of the stored strings;

- show the string containing the information on display 403.

According to an improvement with increased safety shown in FIG. 6, there may be a remote server 4 to which both the generation terminal 2 and the validation terminal 3 are connected or connectable. Server 4 contains the list of securities issued and to be validated. The generation 2 terminal is configured to receive a title from the server 4 to generate a corresponding dynamic barcode, the control unit of the validation terminal 3 being configured for:

reading the dynamic code output from the generation terminal 2;

decode the title;

validate the title by verifying its presence on server 4;

cancel the validated title on server 4. According to a particularly advantageous embodiment, the validation terminal of the system according to the invention is a POS, an ATM or in any case an apparatus capable of executing a financial transaction with the generation terminal which acts as a bank card for the realization of said transaction.

Although the description mostly refers to two-dimensional codes of the QR-Code type, the teachings of the present invention can find application with any type of code. For example, it is possible to provide for the use of one-dimensional barcodes or two-dimensional codes of the most varied types such as the PDF-417 code created by Symbol Technologies Inc. in 1989, color codes in which the information contained therein is encoded using red, green and yellow basic color combinations, Data Matrix code, iClickGo, code 49, code 16k, Maxi code, Code one, Veri code, CodaBlack (MCL-2D), ArrayTag, Philips Dot code, Soft, strip tails and the like. All this without abandoning the guiding principle set out above and claimed below.

Claims (16)

CLAIMS 1. Graphic code such as a barcode or a QR code, which code is capable of being read by a scanner or reader for decoding the information contained therein, which code comprises a combination of graphic modules within a geometric shape arranged according to a defined rule so as to encode sequences of alphanumeric characters and / or graphic symbols, characterized by the fact that the information contained in the code includes a fixed part and a variable part, which variable part is encoded together with the fixed part in order to alter the information content of the code according to the instant in time in which the code is generated. 2. Code according to claim 1, wherein the fixed part encodes the information of interest while the variable part alters said information so as to introduce in the code a dynamic key which can be determined by comparing several codes generated in sequence for the same information interest. Code according to claim 1 or 2, wherein the dynamic key varies over time with a predetermined frequency based on a defined security algorithm. 4. Code according to one or more of the preceding claims, characterized in that it is a two-dimensional code of the QR type. 5. Device for generating a dynamic barcode according to one or more of the preceding claims, comprising an input for reading an information to be coded (302), a unit for generating a dynamic key (802), said unit comprising, or being interfaced with, a counter or a timer (702) so as to generate different keys at different instants of time according to a predefined algorithm, an encoding unit (902) which transforms the information to be encoded together with the dynamic key into barcode sequences, one output for the output (502) of the codes thus generated. 6. Device according to claim 5, wherein the information comprises a sequence of fixed characters or symbols, the dynamic key comprising a sequence of characters or symbols which varies over time, the output codes representing in a coded manner a string comprising the sequence of characters or symbols of the information and characters or symbols of the key arranged in predefined positions relative to each other. 7. Device for reading a dynamic barcode according to one or more of the preceding claims 1 to 4 and containing a coded information, the device comprising: - a barcode reader (203); - a memory (303) for storing sequences of codes and / or strings; - a control unit (103); - an output unit (403) to output the decoded information, characterized by the fact that the control unit (103) is configured for: - receiving sequences of codes in output from the reader (203); - decode the content of each code; - storing said content as decoded in the form of strings of characters or symbols in the memory (303); - comparing at least a subset of consecutive stored strings to identify the variable key on the basis of a predefined algorithm; - extract the string containing the information; - show in output (403) the string containing the information. 8. Device according to claim 7 in which the control unit is configured for - extract the string containing the information by eliminating the characters or symbols that make up the key as identified by at least one of the stored strings; - show the string containing the information at the output. Device according to one or more of the preceding claims 5 to 9 in which the variable key is in the form of a key of an information string encryption algorithm. 10. System for the generation and authentication of a title represented by a sequence of alphanumeric characters and / or symbols, the system comprising a generation terminal (2) and a validation terminal (3), in which the generation terminal (2) includes: - means (102, 302) for receiving the security from a managing body (4); - a device according to claim 5 or 6 for coding the title and output a sequence of codes according to one or more claims 1 to 4, wherein the authentication terminal (3) comprises: - means (203) for receiving the code sequence from the generator terminal (2); - a device according to claim 7 for reading the codes and extracting the title. System according to claim 10, wherein the generator terminal (2) is a smartphone, a tablet, a personal computer or the like controlled by a microprocessor unit (202) interfaced with a display (502), the unit for generation of the dynamic key (802), the coding unit (902), the counter or timer (702) being hardware or software modules part of said microprocessor unit (202) or interfaced, or partially interfaced, to said microprocessor unit (202), the output unit (502) being the terminal display or a display connected or connectable to it, the microprocessor unit (202) being configured to perform, through a routine or an app, the following steps: - reading of the string representing the title; - generation of a time-varying dynamic key according to a predetermined algorithm; - generation of strings comprising the sequence of the characters or symbols of the title and of the characters or symbols of the key arranged in predefined positions relative to each other; - encoding of sequential strings of two-dimensional barcodes, such as QR or similar. System according to claim 10 or 11, wherein the validation terminal (3) is a smartphone, tablet, personal computer, POS or the like controlled by a microprocessor unit (103) interfaced with a video camera (203) , which video camera (203) is configured to read the incoming barcodes to the validation terminal (3), the microprocessor unit acting as control unit (103) of the dynamic code reading device for extracting the title. System according to one or more of the preceding claims 10 to 12, in which there is a remote server (4) to which server (4) the generation terminal (2) and the validation terminal (3) are connected or connectable, which server (4) contains the list of securities issued and to be validated, in which the generation terminal (2) is configured to receive from the server (4) a title to generate a corresponding dynamic barcode, the unit of control (103) of the validation terminal (3) being configured for: - read the dynamic code in output from the generation terminal (2); - decode the title; - validate the title by verifying its presence on the server; - cancel the validated title on the server (4). 14. Method for generating a dynamic barcode representing, in an encoded manner, a title formed by a sequence of alphanumeric characters and / or symbols, the method comprising the following steps: - receive a security from a managing body; - read the sequence of characters or symbols that make up the title; - generate a time-varying dynamic key according to a predetermined algorithm; - generating strings comprising the sequence of characters or symbols of the title and of the characters or symbols of the key arranged in predefined positions relative to each other; - encode the strings in sequence of two-dimensional barcodes, such as QR or similar. 15. Method according to claim 14, characterized in that it further comprises an authentication step, said authentication step comprising the steps of: - receive the code sequences; - decode the content of each code; - storing said content as decoded in the form of strings of characters or symbols; - comparing at least a subset of consecutive stored strings to identify the variable key present in the codes on the basis of a predefined algorithm; - extract the string containing the title by applying the predefined algorithm with the variable key in reverse, for example to eliminate the characters or symbols that make up the key as identified by at least one of the stored strings or to decrypt the previously encrypted string with an algorithm of encryption on the basis of said variable key; - show in output the string containing the title. Method according to claim 15, wherein a title validation step is present.